HijackThis analysis


Folks, I need help analyzing a HijackThis log. Could someone who knows how to sort this out please reply? My computer is dying!! :((

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbws.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\kompjuter\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.6.0.0_0\plugin\ClickClean.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Spyware Doctor\pctsTray.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\kompjuter\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll

O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll

O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe"

O4 - HKLM\..\Run: [ISTray] "C:\Program Files (x86)\Spyware Doctor\pctsTray.exe"

O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O17 - HKLM\System\CCS\Services\Tcpip\..\{40B53E22-5F8E-4EFF-9A5E-39111EC3069E}: NameServer = 156.154.70.22,156.154.71.22

O17 - HKLM\System\CS1\Services\Tcpip\..\{40B53E22-5F8E-4EFF-9A5E-39111EC3069E}: NameServer = 156.154.70.22,156.154.71.22

O17 - HKLM\System\CS2\Services\Tcpip\..\{40B53E22-5F8E-4EFF-9A5E-39111EC3069E}: NameServer = 156.154.70.22,156.154.71.22

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Unknown owner - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

O23 - Service: AMD Reservation Manager - Advanced Micro Devices - C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe

O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe

O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe

O23 - Service: COMODO System - Cleaner Service (Cleaner_Validator) - Unknown owner - C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Usluga Google ažuriranje (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Usluga Google ažuriranje (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe

O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe

O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe

O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: ThreatFire - PC Tools - C:\Program Files (x86)\Spyware Doctor\TFEngine\TFService.exe

O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

 

--

xoss
Message last edited Tue 23.8.2011 9:49 (xossir).

HijackThis analysis

No wonder it's dying when you have both Kaspersky and Spyware Doctor running real-time protection.
What is that Spy Doctor for?
What is actually happening to you?

Re: HijackThis analysis

Spy Doctor is turned off, it isn't running. My games stutter, which never happened before. It won't recognize external hard drives, which never happened before. Sometimes it gets on the internet and sometimes it doesn't, which never happened before... I have a feeling something is messing with me but I don't know what. Kaspersky finds nothing, the spy program finds nothing either, and the malware scan finds nothing too.

xoss
Message last edited Tue 23.8.2011 10:59 (xossir).

HijackThis analysis

According to the log it starts automatically, both it and Kaspersky; check by typing msconfig into the Run or Search box.
I don't know, run a scan with this tool, express, and if you have time later a full one too, but that one can take hours, so it's best left overnight.

Re: HijackThis analysis

No really, Spy Doctor is 100% turned off. I installed Kaspersky today and uninstalled Avast...

xoss
Re: HijackThis analysis
xossir says...

No really, Spy Doctor is 100% turned off. I installed Kaspersky today and uninstalled Avast...

Has this been happening since you installed Kaspersky, or from before?
Scan with Dr.Web regardless.
Here: O4 - HKLM\..\Run: [ISTray] "C:\Program Files (x86)\Spyware Doctor\pctsTray.exe"

Message last edited Tue 23.8.2011 11:43 (seneka).
Re: HijackThis analysis

That's really not the problem at all, it isn't... I wouldn't say I'm that clueless. In the startup manager, winlogon.exe and csrss.exe look suspicious to me... I looked on Google and some say they are malicious, some say not... I set Avast to do a boot-time scan overnight and it found win32.qqmima in Dirt 3; it wouldn't let me delete it or repair it, nothing. Then I tried to find it with Kaspersky and it doesn't find it. It looks like I have this win32QQmima virus that can't be removed.

xoss
Message last edited Tue 23.8.2011 11:46 (xossir).
Re: HijackThis analysis
xossir says...

That's really not the problem at all, it isn't... I wouldn't say I'm that clueless. In the startup manager, winlogon.exe and csrss.exe look suspicious to me... I looked on Google and some say they are malicious, some say not... I set Avast to do a boot-time scan overnight and it found win32.qqmima in Dirt 3; it wouldn't let me delete it or repair it, nothing. Then I tried to find it with Kaspersky and it doesn't find it. It looks like I have this win32QQmima virus that can't be removed.

Do it like this and we'll take a look at what's going on.

Re: HijackThis analysis
xossir says...

That's really not the problem at all, it isn't... I wouldn't say I'm that clueless. In the startup manager, winlogon.exe and csrss.exe look suspicious to me... I looked on Google and some say they are malicious, some say not... I set Avast to do a boot-time scan overnight and it found win32.qqmima in Dirt 3; it wouldn't let me delete it or repair it, nothing. Then I tried to find it with Kaspersky and it doesn't find it.

Dr.Web takes about half an hour in an express scan; these are legitimate processes.
How do you uninstall things, e.g. how did you remove Avast? You should uninstall that Spyware Doctor too.
And say how long the problems have been going on; Kaspersky tends to weigh down the PC and slow it.

Re: HijackThis analysis

The problem is this win32QQmima. I've had Kaspersky since this morning; the computer isn't slow, it works fine. I uninstalled Avast with Revo Uninstaller. I'm deleting Spyware Doctor now. How do I kill this win32QQmima??

xoss
Re: HijackThis analysis
xossir says...

The problem is this win32QQmima. I've had Kaspersky since this morning; the computer isn't slow, it works fine. I uninstalled Avast with Revo Uninstaller. I'm deleting Spyware Doctor now. How do I kill this win32QQmima??

Here's total; do as he put it in the post above.

Re: HijackThis analysis

 

Bad processes: 1

[SUSP PATH] ClickClean.exe -- c:\users\kompjuter\appdata\local\google\chrome\user data\default\extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.6.0.0_0\plugin\clickclean.exe -> KILLED [TermProc]

 

Registry Entries: 3

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

Here is the log.

xoss
Message last edited Tue 23.8.2011 12:10 (xossir).

HijackThis analysis

I still need the OTS.txt log.

HijackThis analysis

It won't load the page where I'm supposed to put that OTS log.

Do you have an e-mail address, total?

xoss
Message last edited Tue 23.8.2011 12:28 (xossir).

Re: HijackThis analysis
xossir says...

It won't load the page where I'm supposed to put that OTS log.

You can also upload it to http://www.megaupload.com/ or any similar site.

As a last resort you can copy/paste it into this thread... I need OTS.txt to know how to proceed.

Re: HijackThis analysis

What's the status, total?

xoss
Re: HijackThis analysis

Open OTS and copy this into the empty field:

[Unregister Dlls]
[Registry - Safe List]
< HOSTS File > ([2011/08/08 10:56:18 | 000,436,368 | R--- | M] - 15064 lines) -> C:\Windows\SysNative\Drivers\etc\hosts
YN -> Reset Hosts ->
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-2183433832-1320723855-1422789512-1000\] > -> HKEY_USERS\S-1-5-21-2183433832-1320723855-1422789512-1000\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{472734EA-242A-422B-ADF8-83D1E48CC825}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< 64bit-SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
YN -> "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck]
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
YN -> "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck]
[Files/Folders - Created Within 30 Days]
NY ->  5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp
NY ->  1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp
NY ->  1 C:\Windows\*.tmp files -> C:\Windows\*.tmp
NY ->  1 C:\*.tmp files -> C:\*.tmp
[Files/Folders - Modified Within 30 Days]
NY ->  5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp
NY ->  12 C:\Users\kompjuter\AppData\Local\Temp\*.tmp files -> C:\Users\kompjuter\AppData\Local\Temp\*.tmp
NY ->  1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp
NY ->  1 C:\Windows\*.tmp files -> C:\Windows\*.tmp
NY ->  1 C:\*.tmp files -> C:\*.tmp
[Files - No Company Name]
NY ->  mxnhytee.feu -> C:\ProgramData\mxnhytee.feu
NY ->  ativpsrm.bin -> C:\Windows\ativpsrm.bin
[Alternate Data Streams]
NY -> @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
NY -> @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:E965A533
NY -> @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
NY -> @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:D1B5B4F1
NY -> @Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:DFC5A2B2
[Purity]
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
[ClearAllRestorePoints]
[Reboot]

 

Click RUN FIX.

- Upload the log you get after the restart in the same way.

2. Download ComboFix and save it to the desktop.

- Turn off the antivirus and firewall.

- Run ComboFix and answer yes to everything it asks.

- Upload that log as well.

HijackThis analysis

Here is the log.

All Processes Killed

[Registry - Safe List]

HOSTS file reset successfully!

Registry value HKEY_USERS\S-1-5-21-2183433832-1320723855-1422789512-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.

Registry value HKEY_USERS\S-1-5-21-2183433832-1320723855-1422789512-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found.

64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

[Files/Folders - Created Within 30 Days]

C:\Windows\SysWow64\OLD926F.tmp deleted successfully.

C:\Windows\SysWow64\tmp3B75.tmp deleted successfully.

C:\Windows\SysWow64\tmp3B76.tmp deleted successfully.

C:\Windows\SysWow64\tmpD021.tmp deleted successfully.

C:\Windows\SysWow64\tmpD032.tmp deleted successfully.

C:\Windows\SysNative\drivers\~GLH0023.TMP deleted successfully.

C:\Windows\5158974E2D28401893357694C2974746.TMP folder deleted successfully.

C:\kleaner.tmp\kln64B4.tmp deleted successfully.

C:\kleaner.tmp folder deleted successfully.

[Files/Folders - Modified Within 30 Days]

C:\Users\kompjuter\AppData\Local\Temp\e4j15F1.tmp_dir32247\exe4jlib.jar deleted successfully.

C:\Users\kompjuter\AppData\Local\Temp\e4j15F1.tmp_dir32247\i4jdel.exe deleted successfully.

C:\Users\kompjuter\AppData\Local\Temp\e4j15F1.tmp_dir32247 folder deleted successfully.

C:\Users\kompjuter\AppData\Local\Temp\e4j2FC9.tmp_dir5377\exe4jlib.jar deleted successfully.

C:\Users\kompjuter\AppData\Local\Temp\e4j2FC9.tmp_dir5377\i4jdel.exe deleted successfully.

C:\Users\kompjuter\AppData\Local\Temp\e4j2FC9.tmp_dir5377 folder deleted successfully.

C:\Users\kompjuter\AppData\Local\Temp\e4j39F4.tmp_dir19864\exe4jlib.jar deleted successfully.

C:\Users\kompjuter\AppData\Local\Temp\e4j39F4.tmp_dir19864\i4jdel.exe deleted successfully.

C:\Users\kompjuter\AppData\Local\Temp\e4j39F4.tmp_dir19864 folder deleted successfully.

C:\Users\kompjuter\AppData\Local\Temp\e4jF807.tmp_dir12785\exe4jlib.jar deleted successfully.

C:\Users\kompjuter\AppData\Local\Temp\e4jF807.tmp_dir12785\i4jdel.exe deleted successfully.

C:\Users\kompjuter\AppData\Local\Temp\e4jF807.tmp_dir12785 folder deleted successfully.

C:\Users\kompjuter\AppData\Local\Temp\is-AHTQS.tmp folder deleted successfully.

C:\Users\kompjuter\AppData\Local\Temp\tmpBC45.tmp deleted successfully.

C:\Users\kompjuter\AppData\Local\Temp\tujB200.tmp deleted successfully.

C:\Users\kompjuter\AppData\Local\Temp\utt14DA.tmp deleted successfully.

C:\Users\kompjuter\AppData\Local\Temp\~DF1CE07CE9F2C5A923.TMP deleted successfully.

C:\Users\kompjuter\AppData\Local\Temp\~DF4844C29F6F0BA669.TMP deleted successfully.

C:\Users\kompjuter\AppData\Local\Temp\~DF5024833C38273D0C.TMP deleted successfully.

C:\Users\kompjuter\AppData\Local\Temp\~DFFAD7F1A30FA72AF2.TMP deleted successfully.

[Files - No Company Name]

C:\ProgramData\mxnhytee.feu moved successfully.

C:\Windows\ativpsrm.bin moved successfully.

[Alternate Data Streams]

ADS C:\ProgramData\TEMP:A8ADE5D8 deleted successfully.

ADS C:\ProgramData\TEMP:E965A533 deleted successfully.

ADS C:\ProgramData\TEMP:430C6D84 deleted successfully.

ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.

xoss
 
HijackThis analysis

As soon as possible, if you can, because I have to go to work.

xoss
 
Re: HijackThis analysis
xossir says...

As soon as possible, if you can, because I have to go to work.

Open Notepad and copy this into Notepad:

File::
c:\users\kompjuter\AppData\Local\BIT32D2.tmp
c:\windows\ativpsrm.bin
c:\windows\system32\aswBoot.exe
c:\windows\system32\E9B4.tmp

Driver::
MEMSWEEP2

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]

RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{8E5E2654-AD2D-48BF-AC2D-D17F00898D06}"=hex:51,66,7a,6c,4c,1d,38,12,3a,25,4d,
   8a,1f,e3,d1,0d,d3,3b,92,3f,05,d7,c9,12
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
   76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
   b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{CC59E0F9-7E43-44FA-9FAA-8377850BF205}"=hex:51,66,7a,6c,4c,1d,38,12,97,e3,4a,
   c8,71,30,94,01,e0,bc,c0,37,80,55,b6,11
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd

 

Close Notepad and save it as CFScript on the desktop.

- Turn off the antivirus and firewall again.

- Drag the script with the mouse onto combofix.exe.

- ComboFix will start again; wait until it finishes and copy the log again.

After this step everything should be OK.... Let me know how the computer is running and whether you still get virus warnings.

HijackThis analysis

http://www.megaupload.com/?d=JP5V4EI3

Here's the upload, here's the final log, and overnight I'll set a boot-time scan and report back tomorrow over coffee :)

 
HijackThis analysis

Master, my computer runs like clockwork. No more win32QQmima. Thanks!!!!

xoss
 
Re: HijackThis analysis
xossir says...

Master, my computer runs like clockwork. No more win32QQmima. Thanks!!!!

Delete ComboFix and OTS.

Start/Run/ combofix /uninstall, confirm, and wait until ComboFix is deleted.

You remove OTS by opening the program and clicking Clean Up.

HijackThis analysis

Please take a look at the log and tell me whether anything needs to be deleted.

Something got into my computer, so I'm scanning now.

Thanks, everyone.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:25:19, on 6.11.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Lexmark Applications\QLink\QLINK.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
C:\PROGRA~1\WinTV\TVServer\HAUPPA~1.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
D:\Bugova apoteka\Infekcije\Trend Micro HijackThis 2.0.4\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tportal.hr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BtTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [VMonitorVMUVC] "C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe" VMUVC
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: QLINK.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\IBM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1308058734884
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\skype4com.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BlueSoleilCS - IVT Corporation - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - IVT Corporation - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\PROGRA~1\WinTV\TVServer\HAUPPA~1.EXE
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo. - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Microsoft Antimalware Service (MsMpSvc) - Unknown owner - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 7455 bytes

Message last edited Sun 6.11.2011 12:31 (filip1).
Hijackthis analysis

O4 - Global Startup: QLINK.lnk = ? that one can be deleted,
and disable Java, Groove Monitor and Google Update in startup, so that they don't update when Windows boots

Re: Hijackthis analysis

SUPERAntiSpyware is finding Malware.Trace on my machine

I found an entry in the winlogon folder (registry)

can I delete it?

Re: Hijackthis analysis
filip1 says...

SUPERAntiSpyware is finding Malware.Trace on my machine

I found an entry in the winlogon folder (registry)

can I delete it?

delete it; what else are you scanning with besides that and MSE?
ah, now I see, with MBAM
try Hitman as well
I don't know whether those are leftovers or whether that fake antispyware, malwaretrace or trace sweeper or whatever it's called, is installed and active on the computer

Message last edited Sun 6.11.2011 13:12 (seneka).
Hijackthis analysis

Can someone look over my HijackThis analysis? My computer has slowed down over the last few days; actually, the biggest problem is system boot, which takes forever.

 

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\AVAST Software\Avast\avastUI.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\RocketDock\RocketDock.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\lxcfcoms.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\HijackThis\Trend Micro\HiJackThis\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Freecorder - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16

O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - Global Startup: Shortcut to RocketDock.lnk = C:\Program Files\RocketDock\RocketDock.exe

O4 - Global Startup: Shortcut to sidebar.lnk = C:\Program Files\Windows Sidebar\sidebar.exe

O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm

O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm

O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm

O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm

O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html

O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm

O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: lxcf_device -   - C:\WINDOWS\system32\lxcfcoms.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

 

--

End of file - 6046 bytes

 